|
jerseygirl8t
|
 |
« on: January 26, 2004, 05:14:27 PM » |
|
 I have my 'webmaster' account email for my site come into my outlook express. I understand that all mail will get directed to the webmaster account, if a certain account doesnt exist. (huh?) Ok, for example, the site is dopoyume.com . If someone sends an email to michaeljackson@dopoyume.com because there is no michealjackson@dopoyume.com account, the mail will go into my webmaster account, right? Well... just today, I started to receive odd emails, all to different people: judy@dopoyume.com, jack@dopoyume.com, etc. I opened the first one to see what it was, (the site is for a band, it could've been business related with someone just getting a band members name wrong). It was an attachment, a zip file, so I <gasp> unzipped it, and suddenly my norton's antivirus started to go crazy. Said a worm was attached. kmvbp.pif I believe it was. I quarantined it, did a virus scan and everything was clear. But now, I keep getting these emails, I'm actually getting like 10 an hour!! Again, they're all to different non existant people at dopoyume.com and all coming from different email addresses: claudia@golf-gear-review.comjoe@sobobassprings.comjim@wired.comserg@golf-gear-review.comadam@thelodgeatpinecove.com , etc. etc. etc. And each one has an attachment. I haven't opened any since the first one though. Is there anything I can do about this? (Sorry so longwinded and confusing!) Any help will be greatly appreciated.  |
|
|
|
|
Logged
|
|
|
|
|
Coon
|
|
« Reply #1 on: January 26, 2004, 05:53:16 PM » |
|
No sure what to do, but I got some emails like that today too. I just didn't open them and allowed Norton Anti-Virus to take care of them.  |
|
|
|
|
Logged
|
|
|
|
|
kwdavids
|
|
« Reply #2 on: January 26, 2004, 06:02:12 PM » |
|
There are several mass email worms going on right now.
I've struggled with this issue for some time and have come to the conclusion that it's better NOT to have a default mailbox.
I once reasoned that I wanted to get the mail even if the sender misspelled the address. What happened was that I was spending my time fixing their mistakes, or getting unwanted email worms.
What's better is simply to bounce misaddressed emails. The sender then gets automatic notification that they made a mistake, and can fix it for the future.
To disable the default email address, go to control panel, click Email and select "Default Address" from the Main Manager Menu.
|
|
|
|
|
Logged
|
Kevin
|
|
|
|
jerseygirl8t
|
|
« Reply #3 on: January 26, 2004, 06:54:00 PM » |
|
Thanks Kevin. I just fixed it so that all the mail will bounce back to the sender. Hopefully, this will help! I'm just confused as to where and how it all started, I haven't even used this email account in a while.  |
|
|
|
|
Logged
|
|
|
|
|
|
Jay
MR-Disabled
Über Jedi
 Offline
Posts: 1560
|
|
« Reply #5 on: January 27, 2004, 12:02:40 AM » |
|
Both unrelated.. This is the first of the year.. check out the articles I linked to in my other post Here |
|
|
|
|
Logged
|
|
|
|
|
TWebMan
|
|
« Reply #6 on: January 27, 2004, 12:13:13 AM » |
|
..and the Trend alert is there (I LOVE those Trend alerts heheh)
|
|
|
|
|
Logged
|
"Computers cause people to make more mistakes than any other invention in history, with the possible exception of handguns and tequila." - Unknown "Liberty of any kind is seldom lost all at once." - D. Hume Every day is an Ode to JoyThe planet will be fine... and so will your site |
|
|
|
Martijn
|
|
« Reply #7 on: January 27, 2004, 12:35:13 AM » |
|
I'm receiving tons of them as well. The are originating from the following two IP's:
from [66.196.219.113]
and
from [24.20.80.55]
Both not mine. So I set up a mailfilter to block any message with something like this in the headers.
|
|
|
|
|
Logged
|
|
|
|
|
kwdavids
|
|
« Reply #8 on: January 27, 2004, 05:30:31 AM » |
|
Catching Novarg.A requires the 1/26/2004 NAV definitions.
While blocking an IP address can help in extreme situations, with a mass email virus like this, it's probably not possible to find and block all the senders, and there is a risk of blocking legitimate mail. I'm getting them from an IP address different from the ones Martijn listed.
|
|
|
|
|
Logged
|
Kevin
|
|
|
|
Martijn
|
|
« Reply #9 on: January 27, 2004, 06:53:24 AM » |
|
Yeah, I'm now receiving from other IP's as well. The first 8 hours all mails originated from just two address.
|
|
|
|
|
Logged
|
|
|
|
|
Danielle
Guest
|
|
« Reply #10 on: January 27, 2004, 06:59:33 AM » |
|
kwdavids,
Per your tip about setting up the default address to :fail: in CPanel, I decided to do that for all my accounts. Thanks for the good idea. I have never received an important message to a nonexisting account, and I think my reasoning for having the catchall were not really valid since a bounce back to the sender does let them know the address is either misspelled or invalid.
Thanks again
|
|
|
|
|
Logged
|
|
|
|
|
ronr1999
|
|
« Reply #11 on: January 27, 2004, 07:01:27 AM » |
|
To disable the default email address, go to control panel, click Email and select "Default Address" from the Main Manager Menu.
Wouldn't it be best to change this to send to "blackhole" ?? Thanks for posting this option, didn't know about it. RonR |
|
|
|
|
Logged
|
|
|
|
|
Danielle
Guest
|
|
« Reply #12 on: January 27, 2004, 07:05:58 AM » |
|
Hi RonR,
To set it to :fail: instead of blackhole lets the sender get a bounce back, so if it is a friend or acquaintance, they will know they are entering the wrong address/misspelling it. That is the reason you might want to bounce it back to them. Blackhole simply sends it to nowhere basically, and the person (and you) will never know the address was invalid. With spam/virus emails, it doesn't matter what happens to them to get them out of your inbox, so blackhole would be fine, but I think fail is preferable in the instances I noted above if you want to catch legitimate correspondence to you being misspelled.
I hope this helps.
|
|
|
|
|
Logged
|
|
|
|
|
ronr1999
|
|
« Reply #13 on: January 27, 2004, 07:19:27 AM » |
|
Hi RonR,
To set it to :fail: instead of blackhole lets the sender get a bounce back, so if it is a friend or acquaintance, they will know they are entering the wrong address/misspelling it.
Ok, so you send it back with a "fail" and isn't it possible for that mailer to then just send it back to you as undeliverable... creating a loop and creating more bogus email for the the person on the other end ? RonR |
|
|
|
|
Logged
|
|
|
|
|
drkknght
|
|
« Reply #14 on: January 27, 2004, 07:21:32 AM » |
|
i prefer allowing *anything*@robkamphausen.com to come in, just because it helps me sort things. like, i get my cable bill at cable@robkamphausen.com, phone bill at phone@robkamphausen.com (etc, etc). i have lots of emails like that. however, even if i shut off that ability, i'm getting dozens (every hour!) of spam emails. even before this recent worm, i get roughly 40-50 per day. now, since last checking my mail at 1 am last night, by 8 am, i had 82 spam emails. is there any recomended approach to removing all of this spam? i have outlook express 6 (on an XP system). i've set up many filters, by message and subject content, but they're either being "ignored," or the spams just find ways around it. |
|
|
|
|
Logged
|
|
|
|
|
